---
freezes: true
# most of our systems are in phx2
datacenter: phx2

# most of our systems are 64bit. 
# Used to install various nagios scripts and the like.
libdir: /usr/lib64

# example of ports for default iptables
# tcp_ports: [ 22, 80, 443 ]
# udp_ports: [ 110, 1024, 2049 ]
# multiple lines can be handled as below
# custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
#                  '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
# We default these to empty
udp_ports: []
tcp_ports: []
custom_rules: []
custom6_rules: []

# defaults for virt installs
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
mem_size: 2048
num_cpus: 2
lvm_size: 20000

# default virt install command is for a single nic-device
# define in another group file for more nics (see buildvm)
#virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} 
#                 --disk {{ volgroup }}/{{ inventory_hostname }}
#                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x 
#                 "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} 
#                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
#                  hostname={{ inventory_hostname }}" 
#                 --network=bridge=br0 --autostart --noautoconsole

virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
                 'ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge=br0,model=virtio
                 --autostart --noautoconsole

# This is the wildcard certname for our proxies.  It has a different name for
# the staging group and is used in the proxies.yml playbook.
wildcard_cert_name: wildcard-2014.fedoraproject.org

# By default, nodes get no fedmsg certs.  They need to declare them explicitly.
fedmsg_certs: []

# By default, fedmsg should not log debug info.  Groups can override this.
fedmsg_loglevel: INFO

# By default, fedmsg hosts are in passive mode.  External hosts are typically
# active.
fedmsg_active: False

# Other defaults for fedmsg environments
fedmsg_prefix: org.fedoraproject
fedmsg_env: prod

# A special flag that, when set to true, will disconnect the host from the
# global fedmsg-relay instance and set it up with its own local one.  You can
# temporarily set this to true for a specific host to do some debugging -- so
# you can *replay real messages from the datagrepper history without having
# those broadcast to the rest of the bus*.
fedmsg_debug_loopback: False

# These are used to:
#  1) configure mod_wsgi
#  2) open iptables rules for fedmsg (per wsgi thread)
#  3) declare enough fedmsg endpoints for the service
#wsgi_fedmsg_service:  bodhi
#wsgi_procs: 4
#wsgi_threads: 4

# By default, nodes don't backup any dbs on them unless they declare it.
dbs_to_backup: []

# by default the number of procs we allow before we whine
nrpe_procs_warn: 250
nrpe_procs_crit: 300

# by default, the number of emails in queue before we whine
nrpe_check_postfix_queue_warn: 2
nrpe_check_postfix_queue_crit: 5

# env is staging or production, we default it to production here. 
env: production
env_suffix:

# nfs mount options, override at the group/host level
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"

# by default set sudo to false here We can override it as needed. 
# Note that if sudo is true, you need to unset requiretty for 
# ssh controlpersist to work. 
sudo: false

# default the root_auth_users to nothing. 
# This should be set for cloud instances in their host or group vars.
root_auth_users: ''

# This vars get shoved into /etc/system_identification by the base role.
# Groups and individual hosts should override them with specific info.
# See http://infrastructure.fedoraproject.org/csi/security-policy/
csi_security_category: Unspecified
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
csi_purpose: Unspecified
csi_relationship: |
    Unspecified.
    * What hosts/services does this rely on?
    * What hosts/services rely on this?

    To update this text, add the csi_* vars to group_vars/ in ansible.
